Security News
WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication (2FA) mandatorily. The...
TYPES OF 2FA. Secondary authentication factors vary in how they are used in the verification of user identities. The simple expedient of texting a time-sensitive code to a mobile device is usually enough to keep most accounts secure.
Authy and Google Authenticator are two popular two-factor authentication tools that do just that. Another popular authenticator app is Google Authenticator.
The Python Package Index announced last week that every account that maintains a project on the official third-party software repository will be required to turn on two-factor authentication by the end of the year. "Between now and the end of the year, PyPI will begin gating access to certain site functionality based on 2FA usage," PyPI administrator Donald Stufft said.
GitHub is now prompting developers and administrators who use the site to secure their accounts with two-factor authentication. The move toward two-factor authentication for all such users officially started on March 13 and will be a requirement by the end of 2023, GitHub said in a recent blog post.
Different 2FA choices, but biometrics and passkeys trump SMS. GitHub is also offering a preferred 2FA option for account login with a sudo prompt, allowing users to choose between time-based one-time passwords, SMS, security keys or GitHub Mobile. In a move toward closing loopholes to combat threat actors, GitHub expanded its secret scanning program last fall, allowing developers to track any publicly exposed secrets in their public GitHub repository.
Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism. Users have been self-reporting issues on Twitter since the weekend, and WIRED confirmed that on at least some accounts, authentication texts are hours delayed or not coming at all.
You will also receive a complimentary subscription to TechRepublic's News and Special Offers newsletter and the Top Story of the Day newsletter. You may unsubscribe from these newsletters at any time.
By verifying your users' identities before they access your network, two-factor authentication protects your applications and data against unauthorized access. It works by requiring multiple factors to be confirmed before permitting access versus just an email and a password.
Twilio, which earlier this month became a sophisticated phishing attack, disclosed last week that the threat actors also managed to gain access to the accounts of 93 individual users of its Authy two-factor authentication service. The communication tools company said the unauthorized access made it possible for the adversary to register additional devices to those accounts.